Middleware using AWS API gateway

I am using AWS Cognito along with API gateway and lambda functions. I have about 40 functions and 30 of these are available to authenticated users only. I have a scenario now where I need to limit concurrent logins of a user based upon their subscription level. so I want some way mechanism to achieve the objective. for example

  • Some kind of middleware concept, so all api gateway requests pass through a lambda function before going to final micro service lambda function.

  • handle it at time cognito login, (so my custom lambda function can interact with dynamo db to check login policy)

  • any other mechanism that might work to achieve the objective.

additionally is there some way to programmatically remove invalidate user’s specific cognito session and refresh token?

My application is in last stages of development and still not in production, so I can switch away from cognito if needed